Branch

“[Rolling out Duo] allowed me to own security. All of the insight it gives you, all of the control, how granular the access policies are. It really makes you the owner of security, regardless of what role you’re in.”— Allen Jeter, Head of IT

The Challenge

Allen Jeter, Head of IT at Branch, manages their client platform engineering and internal infrastructure and security. When Allen first joined Branch, the company was facing some challenges bringing security onboard across the entire organization. Branch was also concerned about protecting itself from phishing attacks, which was of particular importance considering the major companies they serve.

“Branch’s focus on security has to do a lot with our partners, and we’re at the forefront of their mobile applications. All of their users are hitting our servers and we have to ensure that their customer data is as secure as possible. We are essentially part of their application,” Allen said.

The Solution

Having worked with Duo in the past, Allen was familiar with the product, and it stood out to him as striking a balance between simplicity and security. Compared to other solutions, Duo offered more robust documentation, a thoughtfully designed interface, and highly responsive customer support.

“That’s very rare in the security market to have a product that’s as easy to use but also does its job and keeps users secure,” Allen said.

With that knowledge, Duo quickly emerged as the right tool for the job. Duo offers multi-factor authentication (MFA) for all of their services - in the worst case scenario of leaked user credentials, MFA will always be there to protect the user and their identity.

“It was the first choice we made in terms of security, but it was also the right choice,” Allen said.

Simple User Enrollment and Security Integration

Allen had a unique way of summarizing the ease with which Branch rolled out Duo: “IT isn’t really doing its job if it’s being the peanut butter to your productivity. We want to be the WD-40 to your productivity. Duo aligns with that.”

Branch launched a test deployment with their engineers before expanding to more than one hundred users. With many of their users having existing familiarity with Duo, plus the all-around ease of the self-enrollment process, the trial and full deployment took about two weeks.

“Other security products, in terms of the user interface, were just not in the same ballpark as Duo. It was very straightforward, and it took less than five minutes to integrate into most of our production servers and vectors that we needed to lock down,” Allen said.

Branch also seamlessly integrated Duo with other security solutions. Their users are big fans of YubiKeys, which allow them to authenticate into services at the touch of a button using a USB security key.

Powerful Insight and Risk Assessment Tools for Admins

Working with just one other person, Allen needed a solution that offered an intuitive dashboard as well as functionality that allowed him to assess vulnerable users and devices, two boxes that Duo checked off effectively.

“The admin dashboard provides a lot of visibility into our fleet. At a glance, I can see where the login attempts are coming from, what services they’re accessing and if they’re successful in those attempts.”

After protecting their servers with Duo’s solution, they noticed a number of brute-force connection attempts coming from all over world that were blocked by Duo’s API.

Another feature Allen loved, Duo Insight, is free but priceless for keeping Branch safe and educating users. He used this tool to conduct a spearphishing campaign, and after identifying vulnerable users, went through security education with them before trying to catch them again.

“Phishing attacks are one of the more current vectors of attack these days, [but with Insight] you can now be more preventative, in a sense, and less reactive to that threat model,” Allen said.